OPCPublisher fails to run in iotedgehubdev due to TLS authentication error

[derSchtefan]

When I run an IoT edge solution containing OPCPublisher from Microsoft, the module keeps restarting with the errors below. It seems something goes wrong during communication with the edge agent / edge hub, something with the TLS certificate is wrong?

OPCPublisher           | [10:11:08 INF Root] Starting module OpcPublisher version 2.8.2.1.
OPCPublisher           | [10:11:08 INF Root] Initiating prometheus at port 9702/metrics
OPCPublisher           | [10:11:08 INF Root] Prometheus metric server started.
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Http.HealthChecks.HealthCheckManager] Health checks started.
OPCPublisher           | opcstacktracemask set to: 0x0
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] Running outside iotedge context.
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] 0: Module teststefan_OPCPublisher disconnected due to Communication_Error - now Disconnected...
OPCPublisher           | [10:11:08 ERR Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost] Module Host failed to start.
OPCPublisher           | [10:11:08 ERR Root] Error during module execution - restarting!
OPCPublisher           | System.AggregateException: One or more errors occurred. (TLS authentication error.)
OPCPublisher           |  ---> System.Security.Authentication.AuthenticationException: TLS authentication error.
OPCPublisher           |  ---> System.AggregateException: One or more errors occurred. (The remote certificate is invalid according to the validation procedure.)OPCPublisher           |  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.  
OPCPublisher           |    at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
OPCPublisher           |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
OPCPublisher           |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
OPCPublisher           |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
OPCPublisher           |    at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
OPCPublisher           | --- End of stack trace from previous location where exception was thrown ---
OPCPublisher           |    at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
OPCPublisher           |    at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, 
Boolean requiresSynchronization)
OPCPublisher           |    --- End of inner exception stack trace ---
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenInternalAsync(CancellationToken cancellationToken)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenAsync(CancellationToken cancellationToken)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass27_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext()
OPCPublisher           | --- End of stack trace from previous location where exception was thrown ---
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.WriteMessageAsync(IChannelHandlerContext context, Object message, 
Func`3 exceptionHandler)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.ConnectAsync(IChannelHandlerContext context)
OPCPublisher           |    --- End of inner exception stack trace ---
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass38_0.<<OpenInternalAsync>b__0>d.MoveNext()       
OPCPublisher           | --- End of stack trace from previous location where exception was thrown ---
OPCPublisher           |    at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnsureOpenedAsync(CancellationToken cancellationToken)
OPCPublisher           |    at Microsoft.Azure.Devices.Client.InternalClient.OpenAsync()
OPCPublisher           |    at Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory.ModuleClientAdapter.CreateAsync(String product, IotHubConnectionStringBuilder cs, String deviceId, String moduleId, ITransportSettings transportSetting, TimeSpan timeout, IRetryPolicy retry, Action onConnectionLost, ILogger logger) 
in D:\a\1\s\common\src\Microsoft.Azure.IIoT.Hub.Module.Client\src\Default\IoTSdkFactory.cs:line 281
OPCPublisher           |    at Microsoft.Azure.IIoT.Utils.Try.Options[T](Func`1[] options)
OPCPublisher           |    --- End of inner exception stack trace ---
OPCPublisher           |    at Microsoft.Azure.IIoT.Utils.Try.Options[T](Func`1[] options) in D:\a\1\s\common\src\Microsoft.Azure.IIoT.Core\src\Utils\Try.cs:line 106
OPCPublisher           |    at Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory.CreateAsync(String product, IProcessControl ctrl) in D:\a\1\s\common\src\Microsoft.Azure.IIoT.Hub.Module.Client\src\Default\IoTSdkFactory.cs:line 199
OPCPublisher           |    at Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost.StartAsync(String type, String siteId, String productInfo, String version, IProcessControl reset) in D:\a\1\s\common\src\Microsoft.Azure.IIoT.Hub.Module.Framework\src\Hosting\ModuleHost.cs:line 176
OPCPublisher           |    at Microsoft.Azure.IIoT.Modules.OpcUa.Publisher.ModuleProcess.RunAsync() in D:\a\1\s\modules\src\Microsoft.Azure.IIoT.Modules.OpcUa.Publisher\src\ModuleProcess.cs:line 126
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.WorkerSupervisor] Stopping worker supervisor
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.WorkerSupervisor] Worker supervisor successfully stopped
OPCPublisher           | [10:11:08 INF Microsoft.Azure.IIoT.Http.HealthChecks.HealthCheckManager] Health checks stopped.
OPCPublisher           | [10:11:08 INF Root] Stopped prometheus metric server
OPCPublisher           | [10:11:08 INF Root] Module stopped.

[marianan]

@derSchtefan thanks for reporting this issue. Are you able to run your scenario using a VM or physical device? Does it only fail in the simulator?

[derSchtefan]

@marianan everything works perfectly fine on VMs and physical devices. it only fails in the simulator.

[marianan]

Got it, thanks for confirming. The issue is in our backlog. We will share updates here when available.

[mawax]

You can work around this by passing the command-line argument BypassCertVerification=true to the OPCPublisher module. See: https://docs.microsoft.com/en-us/azure/industrial-iot/reference-command-line-arguments

[ReneHezser]

@derSchtefan I could run the OPCPublisher and debug in a custom filter module in local edgeHub dev with the proposed setting from mawax.

"settings": {
    "image": "mcr.microsoft.com/iotedge/opc-publisher:2.8.3",
    "createOptions": {
        "Hostname": "opcpublisher",
        "Cmd": [
            "--BypassCertVerification=true",
            "--an=IIoTAdapter",

Does it work for you as well?

[delema98]

This issue can be closed. Since the version 2.9.0 Preview 4 this issue is fixed.

duplicate here

[konichi3]

Thank you for the notification. Closing.